rest: better json clients validation

- check maximum limit of clients - reject empty array
author: OpenGnSys Support Team <soporte-og@soleta.eu> 2024-09-04 01:12:13 +0200
committer: OpenGnSys Support Team <soporte-og@soleta.eu> 2024-09-17 17:46:00 +0200
commit: 32b9a53f577e960b7f6120342d67f2c98277f2c1 (patch)
tree: 6a4e6990d186b9f002769bddfc08670463283545
parent: e3a73a504f6a63bf1a716131cf9dea75dc7b0b41 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/src/rest.c b/src/rest.c
index 99fbe1f..235cab8 100644
--- a/src/rest.c
+++ b/src/rest.c
@@ -173,16 +173,22 @@ static int og_json_parse_clients(json_t *element, struct og_msg_params *params)
 		return -1;
 
 	for (i = 0; i < json_array_size(element); i++) {
+		if (params->ips_array_len >= OG_CLIENTS_MAX)
+			return -1;
+
 		k = json_array_get(element, i);
 		if (json_typeof(k) != JSON_STRING)
 			return -1;
 
 		params->ips_array[params->ips_array_len++] =
 			json_string_value(k);
-
-		params->flags |= OG_REST_PARAM_ADDR;
 	}
 
+	if (params->ips_array_len == 0)
+		return -1;
+
+	params->flags |= OG_REST_PARAM_ADDR;
+
 	return 0;
 }
 
@@ -1800,9 +1806,6 @@ static int og_cmd_get_client_setup(json_t *element,
 	if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR))
 		return -1;
 
-	if (params->ips_array_len != 1)
-		return -1;
-
 	root = json_object();
 	if (!root)
 		return -1;
@@ -2072,9 +2075,6 @@ static int og_cmd_get_client_info(json_t *element,
 	if (!og_msg_params_validate(params, OG_REST_PARAM_ADDR))
 		return -1;
 
-	if (params->ips_array_len != 1)
-		return -1;
-
 	if (inet_aton(params->ips_array[0], &addr) == 0)
 		return -1;
author	OpenGnSys Support Team <soporte-og@soleta.eu>	2024-09-04 01:12:13 +0200
committer	OpenGnSys Support Team <soporte-og@soleta.eu>	2024-09-17 17:46:00 +0200
commit	32b9a53f577e960b7f6120342d67f2c98277f2c1 (patch)
tree	6a4e6990d186b9f002769bddfc08670463283545
parent	e3a73a504f6a63bf1a716131cf9dea75dc7b0b41 (diff)